Stop Searching. Start Trusting.

The curated directory of MCP servers, vetted for security, efficiency, and quality.

Browse DirectoryWhy Us?

Tired of the MCP "Marketplace" Chaos?

We built MCPScout.ai to solve the ecosystems biggest pain points.

No Insecure Dumps

We manually analyze every server for basic security flaws.

Easy Setup

Our gotcha notes warn you about complex setups.

Avoid "Token Hogs"

We estimate token costs for cost-effective agents.

Products, Not Demos

We filter out "Hello World" demos.

CATEGORIES:
SORT:

Vetted Servers(7756)

55
1
High Cost
pythpythpython icon

openstax-mcp-server

by pythpythpython

Sec7

An AI-powered Model Context Protocol (MCP) server that connects LLMs to OpenStax educational content for semantic search, problem generation, and Jupyter notebook creation.

Setup Requirements

  • ⚠️Requires a Cloudflare account with Workers, Workers AI, Workers KV, and Vectorize bindings configured.
  • ⚠️Client applications (e.g., Cursor, Claude Desktop) need specific configuration to connect to the MCP server endpoint.
Verified SafeView Analysis
Input parameters for tool calls, while defined with schemas, are directly passed to implementation functions without explicit runtime re-validation within the worker. This could potentially lead to unexpected behavior or resource exhaustion (e.g., requesting an excessive number of problems) if a malicious client bypasses the client-side schema adherence. However, the server runs in an isolated Cloudflare Workers environment, which significantly mitigates risks like shell injection or direct system compromise. The current Jupyter notebook generation is a basic placeholder and does not dynamically generate executable code based on content, limiting immediate code execution risks through that vector.
Updated: 2025-12-01GitHub
55
1
Medium Cost
neverinfamous icon

db-mcp

by neverinfamous

Sec9

An enterprise-grade SQLite MCP server for database management, analytics, and AI-native operations with OAuth 2.0 authentication and granular access control.

Setup Requirements

  • ⚠️Requires Node.js 20+ to run locally.
  • ⚠️Using the native SQLite backend (--sqlite-native) requires the 'better-sqlite3' optional dependency, which is a native module that needs to be compiled (may require build tools like Python/C++ compilers).
  • ⚠️Full OAuth 2.0 authentication functionality depends on configuring an external authorization server (e.g., Keycloak).
Verified SafeView Analysis
The server implements robust security measures including: OAuth 2.0 authentication (RFC 9728/8414 compliant) with JWT validation and JWKS for signature verification; strict scope-based authorization; default restrictive CORS configuration; and extensive input validation (regex for table/column names) to prevent SQL injection. SQL queries predominantly use parameter binding, and logging sanitizes messages to prevent log injection. Strict TypeScript and ESLint configurations contribute to overall code quality and reduce potential vulnerabilities. No 'eval' or obfuscation patterns were observed. A point is deducted as some SQL string construction involves manual escaping rather than universally relying on parameter binding, though the implemented validation significantly mitigates this.
Updated: 2025-12-12GitHub
55
1
High Cost
ABISCloud icon
Sec6

Integrate Power BI Desktop with conversational AI assistants like Claude or GPT for natural language interaction, model introspection, modification, and analysis.

Setup Requirements

  • ⚠️Requires the MSI version of Power BI Desktop (not Store version).
  • ⚠️Power BI Desktop must be open with a .pbix file loaded for the server to find instances.
  • ⚠️Requires Claude Desktop (or other MCP-compatible AI assistant) with specific configuration to connect.
Verified SafeView Analysis
The actual source code for the executable (`PbiMcpServerAbisSidecar.exe`) is not provided for audit, making a comprehensive security assessment impossible. Based on the README, the server runs 100% locally and no data leaves the machine, which is a positive for privacy. It supports powerful write operations (CRUD for model objects), which carries inherent risk if misused, though a 'Safety Layer' with dry-run mode and confirmation flags is mentioned to mitigate this. The security largely depends on the trustworthiness and implementation of the compiled executable provided by ABIS B.V.
Updated: 2025-12-01GitHub
55
1
Medium Cost
ekkostech icon

ekkos-mcp-server

by ekkostech

Sec8

Provides a persistent, multi-layered memory system for AI agents in IDEs, enabling them to learn from past interactions, solutions, and directives to become smarter over time.

Setup Requirements

  • ⚠️Requires Node.js 18+ installed.
  • ⚠️Requires an API Key and User ID from https://platform.ekkos.dev.
  • ⚠️Requires environment variables SUPABASE_URL and SUPABASE_SERVICE_ROLE_KEY (or MEMORY_API_TOKEN) to be explicitly set for direct database access.
Verified SafeView Analysis
The server relies on environment variables for sensitive API keys (e.g., SUPABASE_SERVICE_ROLE_KEY), which is good practice to avoid hardcoding. However, the service role key grants direct and powerful access to the Supabase database. If the user's local environment where this server runs is compromised, these keys could be exposed, leading to potential data manipulation. The server makes external HTTP/HTTPS requests to backend services (api.ekkos.dev and Supabase directly) which is inherent to its functionality. No obvious use of 'eval' or code obfuscation was found. Error logging explicitly includes parts of the response data which could contain sensitive information if backend API errors returned it.
Updated: 2025-12-14GitHub
55
102
Medium Cost
bitwarden icon

mcp-server

by bitwarden

Sec9

Enables AI assistants to securely manage Bitwarden personal vaults and organization administration functions locally.

Setup Requirements

  • ⚠️Requires Bitwarden CLI to be installed globally.
  • ⚠️Requires Node.js 22+.
  • ⚠️Sensitive credentials (BW_SESSION, BW_CLIENT_ID, BW_CLIENT_SECRET) must be provided via environment variables, not hardcoded or shared.
  • ⚠️Organization administration features require a Bitwarden Teams or Enterprise organization with owner/admin permissions.
  • ⚠️Must NEVER be hosted publicly or exposed over a network due to inherent data exposure risks to the AI assistant.
Verified SafeView Analysis
The server demonstrates robust security practices. It includes extensive input validation using Zod schemas, command allowlisting, and safe command execution (`child_process.spawn` with `shell: false`) to prevent command injection. API endpoints are validated against an allowlist, and API parameters are sanitized. File path operations are highly secured with a multi-layered `validateFilePath` function that prevents path traversal, Unicode bypasses, and enforces an allowlist of allowed directories. Critical credentials are retrieved from environment variables. A strong warning emphasizes that the server is designed for local use only and must never be exposed publicly, shifting responsibility for secure deployment and AI data exposure to the user.
Updated: 2025-12-09GitHub
55
84
Medium Cost
snowmead icon

rust-docs-mcp

by snowmead

Sec8

Provides AI agents with deep, cached access to Rust crate documentation, source code, and project structure for enhanced development.

Setup Requirements

  • ⚠️Requires Rust nightly toolchain installed via rustup.
  • ⚠️Requires `git` command-line tool to be installed and in PATH.
  • ⚠️Can consume significant disk space for cached documentation (at least 1GB recommended).
  • ⚠️Full utility and seamless integration require an MCP client (e.g., Claude Code).
Verified SafeView Analysis
The core Rust application employs robust path sanitization and directory traversal checks during archive extraction (e.g., in `downloader.rs`) to prevent common vulnerabilities. Sensitive environment variables like `GITHUB_TOKEN` are handled securely with `zeroize`. The server executes external Rust toolchain commands (`cargo`, `rustdoc`, `rustup`, `git`) which relies on the integrity and security of the local Rust environment and downloaded crates. The `install.sh` script utilizes `curl | sh` which is a common but inherently less secure method for initial installation, executing remote code directly. However, this is for installation, not the server's runtime operation.
Updated: 2025-11-25GitHub
55
68
Low Cost

mcp-gateway

by hyprmcp

Sec6

A gateway or proxy server for managing and routing API requests, likely including authentication (OAuth) and JSON-RPC handling.

Setup Requirements

  • ⚠️Requires Go runtime and toolchain (specific version possibly dictated by mise.toml).
  • ⚠️Requires configuration for OAuth providers, proxy targets, and other server settings (details unknown due to missing README.md).
  • ⚠️Docker is an option but requires Docker engine installed.
Review RequiredView Analysis
As a gateway/proxy handling network requests, JSON-RPC, OAuth, and webhooks, it inherently carries network exposure risks. Without the README, specific security features, best practices, or hardening instructions are unknown. The project is written in Go, which generally reduces risks associated with 'eval' or common scripting vulnerabilities, but doesn't eliminate all network-related attack vectors.
Updated: 2025-11-18GitHub
55
1
Medium Cost
intelligent-ears icon

pd-tools-mcp

by intelligent-ears

Sec7

Automated bug bounty reconnaissance and vulnerability scanning by integrating ProjectDiscovery security tools.

Setup Requirements

  • ⚠️Requires manual installation of all ProjectDiscovery tools (subfinder, dnsx, naabu, httpx, katana, nuclei) via 'go install'.
  • ⚠️Requires Go runtime to be installed on the host system.
  • ⚠️Requires ProjectDiscovery executables to be in the system's PATH, or accessible via the Go bin directory.
Verified SafeView Analysis
The server uses 'child_process.spawn' to execute external ProjectDiscovery tools. While this method is generally safer than 'exec' as it avoids shell interpretation of arguments by default, the wrapper does not perform explicit input sanitization for all user-provided arguments (e.g., 'ports' for naabu, 'scope' for katana). If a highly specific malicious input were crafted that exploits a parsing vulnerability in an underlying ProjectDiscovery tool, it could potentially lead to unexpected behavior. The 'httpx' tool uses a hardcoded path based on the Go home directory, which introduces a dependency on that specific installation location. Overall, the security relies heavily on the integrity and security of the installed ProjectDiscovery tools and the host system's PATH configuration.
Updated: 2025-12-06GitHub
55
1
Medium Cost
ssdeanx icon

ssd-ai

by ssdeanx

Sec8

An AI development assistant implementing the Model Context Protocol (MCP) standard, offering 36 specialized tools for TypeScript, JavaScript, and Python projects, with intelligent memory management, code analysis, reasoning frameworks, and long-running task support.

Setup Requirements

  • ⚠️Requires Node.js 18.0 or higher.
  • ⚠️Requires Python 3.x for Python code analysis capabilities.
  • ⚠️Requires Chrome/Chromium/Edge/Brave browser installed for browser automation tools, or the CHROME_PATH environment variable set.
  • ⚠️Needs write access to `process.cwd()/memories` for SQLite database and `os.tmpdir()` for temporary Python scripts.
Verified SafeView Analysis
The server uses `child_process.spawn` for Python AST analysis, but the Python script is hardcoded within the `PythonParser.ts` file, limiting arbitrary code execution. Puppeteer, used for browser automation, is launched with `--no-sandbox` and `--disable-setuid-sandbox` flags, which can reduce isolation. The HTTP transport implements basic CORS and validates the `mcp-protocol-version` header. No hardcoded secrets or arbitrary `eval` usage were identified. The uses of external processes are justified by the features.
Updated: 2025-11-30GitHub
55
1
Medium Cost
devidasjadhav icon

mcp-redfish-python

by devidasjadhav

Sec8

An AI-powered interface for managing Redfish-enabled servers through natural language commands, utilizing Model Context Protocol (MCP) for tool integration.

Setup Requirements

  • ⚠️Requires an Anthropic API Key (paid service) for chatbot functionality.
  • ⚠️A Redfish server (mock or real) needs to be running and accessible for the system to function.
  • ⚠️Requires Python 3.8+ and manual environment variable configuration via a .env file.
Verified SafeView Analysis
The project handles API keys and sensitive credentials (Redfish username/password) using environment variables and masks them in debug output, which is good practice. It uses `json.loads` for user-provided patch/action data, which could lead to exceptions for malformed input but does not appear to execute arbitrary code. The `VERIFY_SSL` setting defaults to true, which is critical for secure communication, but can be disabled via configuration, potentially exposing to MITM attacks if set to false in a production environment.
Updated: 2025-12-13GitHub
55
1
Medium Cost

dockerise-mcp

by SyedAanif

Sec5

Provides a containerized Python-based development environment for the Minecraft Coder Pack (MCP).

Setup Requirements

  • ⚠️Docker is required to run the containerized environment.
  • ⚠️A specific Python version is required, as defined in the .python-version file.
  • ⚠️Dependency management with 'uv' (or a compatible Python package manager like pip/poetry) is necessary to install project dependencies.
Review RequiredView Analysis
A full security audit cannot be performed without access to the code content. As a 'server' project, it likely involves network interactions, which introduce potential security risks. The score is a neutral default due to lack of visibility into implementation details.
Updated: 2025-11-17GitHub
55
1
Medium Cost
avantifellows icon

mcp-postgres

by avantifellows

Sec9

Provides a read-only Model Context Protocol (MCP) server for AI tools (like Claude Code, Cursor) to query a PostgreSQL database directly.

Setup Requirements

  • ⚠️Requires Python 3.10 or higher.
  • ⚠️Crucial to set up PostgreSQL database credentials (AF_DB_HOST, AF_DB_PORT, AF_DB_USER, AF_DB_PASSWORD, AF_DB_NAME) as environment variables.
  • ⚠️The configured database user must have `SELECT` permissions on the target database and tables, and network access to the PostgreSQL host.
Verified SafeView Analysis
The server implements robust read-only enforcement through the `is_read_only` function, which explicitly checks for and blocks all common write/destructive SQL keywords (INSERT, UPDATE, DELETE, DROP, ALTER, TRUNCATE, CREATE, GRANT, REVOKE). This check is applied to all `query` calls and even to the `WHERE` clause in `count_rows`. Database credentials are loaded securely from environment variables, preventing hardcoding. Table and schema names in `sample_data` and `count_rows` are dynamically inserted with identifier quoting to mitigate SQL injection risk, though direct parameterization of identifiers isn't standard in `asyncpg`. No `eval` or similar dangerous dynamic code execution is present. Queries are logged locally.
Updated: 2025-12-11GitHub
PreviousPage 45 of 647Next